The more personal information we share on the internet, the greater the privacy risks(new window) that make us vulnerable to identity theft(new window). This issue affects millions globally, impacting people financially and personally, with over 24 million victims(new window) in 2021 in the United States alone.
To understand how to defend yourself against digital thieves, it’s useful to know the different ways they try to enrich themselves with your data. This article explores different kinds of identity theft and provides security measures(new window) to keep your information safe, including encrypted document storage(new window) and secure file sharing(new window).
Examples of identity theft
Financial identity theft
Financial identity theft happens when someone uses stolen personal information(new window) to access your financial resources, such as credit cards and bank accounts, to steal money directly or incur debts in your name.
For example, a criminal could commit bank fraud by stealing your bank account information through phishing scams to withdraw funds, transfer money, or take out loans. In case of credit card fraud, a malicious actor could get your credit card numbers by using credit card skimmers at ATMs or by going through your trash to find discarded billing statements. For loan fraud, your stolen identity could be used to apply for auto loans, mortgages, or personal loans.
Social security identity theft
Social security identity theft means having your social security number (SSN) misused to commit fraud or theft. It can have especially serious consequences because the SSN is commonly used to access various personal and financial services.
For example, a thief could use your SSN to open a new credit account, apply for a loan, or make big purchases, since the SSN is necessary for credit and identity verification. In another scenario, your SSN could be used to apply fraudulently for government benefits like social security, unemployment, or other aid programs.
If your SSN was stolen(new window), you should immediately report it to the authorities and big credit bureaus.
IRS identity theft
IRS identity theft (or tax identity theft) occurs when someone uses stolen personal information like your SSN or individual taxpayer identification number (ITIN) to file tax returns and claim refunds or credit. A criminal might also use your SSN to get a job and commit employment fraud since the income is reported to the IRS under your name.
If you suspect you’ve been a victim of tax-related identity theft, you should immediately contact the IRS(new window), provide your identity, and file the appropriate forms to report the fraud. It could take a while for the IRS to resolve the issue and for you to receive any refund you’re due.
Medical identity theft
In medical identity theft cases, someone uses your identity and health information, like your name, SSN, or Medicare number, to access medical services or prescription drugs. The thief could also file fraudulent claims with insurers to get money, leading to incorrect medical bills and draining your insurance benefits. If these false medical bills go unpaid and are sent to collections, it can harm your credit score.
It’s important to regularly review your medical and insurance statements. You should report any suspicious activities immediately to your healthcare provider(new window) and insurance company.
Insurance identity theft
Insurance identity theft happens when a criminal uses your stolen personal information to apply for insurance services, such as health, auto, life, or homeowners insurance. You might only become aware of this when receiving mail from an insurance company about a policy you didn’t sign up for. Thieves might also access your existing insurance policies to file fraudulent claims for compensation or benefits, or sell your insurance details to third parties.
Be sure to regularly check your insurance statements and explanations of benefits (EOB) for any claims you don’t recognize or service you didn’t receive. Additionally, your insurance provider should notify you about reaching your benefit limits or changes in your policy that you didn’t request. If you’re a victim, report the fraud to your insurance provider and to the police if the theft is extensive.
Synthetic identity theft
Synthetic identity theft is more sophisticated and difficult to detect since it involves creating a brand new identity using both real and fake information.
For example, a thief could steal a SSN from someone who doesn’t frequently use credit, such as a young adult, and combine it with a fake name, address, and birth date. When they first try to obtain credit, the application is likely to be denied since there’s no credit history. But this attempt starts a credit file, and the thief slowly builds a good credit rating by making small purchases and paying them off promptly. Once they have a good credit score, the criminal maximizes the credit limits, maxes them out, and disappears, leaving large debts that go unpaid.
Criminal identity theft
In criminal identity theft, an individual poses as someone else by using their name and SSN or driver’s license to commit crimes or avoid getting caught.
For instance, if a thief gets caught for a crime and uses your information instead of theirs, you could end up with a criminal record. This could also lead to court orders or arrest warrants issued in your name without you even knowing.
Alternatively, if someone gives your details during a traffic stop and then doesn’t show up in court or pay fines, you might be held accountable for these issues, which could bring unexpected legal problems like losing your driving rights.
Child identity theft
Child identity theft happens when someone illegally uses a minor’s personal information to commit financial fraud or other crimes. Thieves might get a child’s SSN from stolen documents, leaked digital records, or by exploiting family or friends.
Besides the emotional toll identity theft can take on a young adult starting their independent life, they may also face a severely damaged credit history, making it difficult to obtain student loans, housing, or employment. Parents should periodically check with major credit bureaus whether a credit report exists for their child.
Digital identity theft
Digital identity theft involves stealing someone’s personal information online(new window) to impersonate them, usually to steal money or access private services. This can be done through methods like phishing attacks, data breaches(new window), malware and spyware, WiFi eavesdropping, and SIM swapping.
For example, in a phishing attack(new window), the thief sends you a fake email or message that appears to be from a legitimate bank or government agency. You are asked to click on a link that leads to a fake website where you provide personal information like passwords(new window), SSNs, or credit card numbers. In a SIM swap scam, a thief tricks your mobile provider into switching your phone number to a SIM card they own, so they can use it to bypass two-factor authentication (2FA)(new window) and access your online accounts.
Sometimes, digital identity theft leads to account takeover. In this case, a thief accesses your online account and changes settings like your email address, password, and security questions(new window) to lock you out permanently. Once in control, they can exploit your account in various ways: reset passwords for other accounts linked to your email, steal personal information, transfer money, or send phishing links to your contacts to access their confidential data too.
How to prevent identity theft
There are several steps you can take toward identity theft protection and mitigation.
The most important is to simply stay on guard against phishing attacks and always communicate securely with others. You should also make sure to use online services that protect your sensitive information with end-to-end encryption(new window). For example, if you keep financial documents, copies of identity documents, or tax returns in Google(new window) or iCloud(new window), those files are not end-to-end encrypted. This means those companies and their employees can see them, and they could be leaked in the event of a data breach.
Proton offers multiple layers of protection to help you easily reduce your chances of leaking your data. Here are just a few:
- End-to-end encryption(new window) — use services such as Proton Drive that encrypt your data in the cloud so that even if there’s a data breach, your sensitive details are inaccessible.
- Link confirmation in Proton Mail(new window) — check out the URL before you click a potential phishing or malware link.
- Hide-my-email aliases in Proton Mail(new window) — share an alias email address instead of your real one to stay private.
- Password-protected file sharing in Proton Drive(new window) — use end-to-end encrypted and password-protected file sharing links instead of less secure options like WeTransfer(new window) or Dropbox(new window).
- Two-factor authentication(new window) — always enable 2FA for the services that offer it. (Proton Pass lets you easily create and autofill 2FA codes, as well as keep all your passwords secure.)
If your data does leak on the web, you should have a way to know about it so you can lock down your accounts and report potential identity theft to credit agencies. Proton Pass Monitor(new window) is a powerful tool we developed that tracks breaches and alerts you if your email is leaked to dark web marketplaces where criminals trade stolen data.
By preventing and mitigating identity theft, you can significantly reduce your chance of financial losses.
